HooToo TripMate Routers are Cute But Insecure – IOActive
Tags
attack-pattern: Data Model Models Exploits - T1587.004 Exploits - T1588.005 Firmware - T1592.003 Python - T1059.006 Server - T1583.004 Server - T1584.004 Web Services - T1583.006 Web Services - T1584.006 Vulnerabilities - T1588.006
Show in Graph
Common Information
Type Value
UUID d1afbd5f-c511-4f7d-96bf-0a443c643395
Fingerprint be49bd415823d3e1
Analysis status DONE
Considered CTI value 0
Text language
Published April 23, 2018, midnight
Added to db Feb. 17, 2023, 9:39 p.m.
Last updated Nov. 17, 2024, 10:43 p.m.
Headline HooToo TripMate Routers are Cute But Insecure
Title HooToo TripMate Routers are Cute But Insecure – IOActive
Detected Hints/Tags/Attributes 58/1/17
Source URLs
Redirection Url
Details Source https://blog.ioactive.com/2018/04/hootoo-tripmate-routers-are-cute-but.html
Details Source https://ioactive.com/hootoo-tripmate-routers-are-cute-but/
URL Provider
Details Provider Source level domain
Details ioactive.com blog.ioactive.com
Details ioactive.com ioactive.com
Attributes
Details Type #Events CTI Value
Details Domain 1 
teld.sh
Details Domain 98 
requests.post
Details Domain 55 
exploit.py
Details Domain 1 
delaccessmac.sh
Details Domain 1 
webd.pid
Details File 3 
shellcode.asm
Details File 2 
protocol.cs
Details File 55 
exploit.py
Details File 1 
sysfirm.cs
Details File 124 
os.sys
Details IPv4 3 
10.10.10.254
Details IPv4 18 
10.10.10.1
Details Url 1 
http://10.10.10.254:81/protocol.csp?function=set&fname=security&opt=pwdchk&name=aaaa
Details Url 1 
http://10.10.10.254:81/protocol.csp?function=set&fname=security&opt=open_forwarding&ip=`/etc/init.d/teld.sh
Details Url 1 
http://10.10.10.254:81/protocol.csp
Details Url 1 
http://10.10.10.254:81/protocol.csp?function=set
Details Url 1 
http://10.10.10.254:81/sysfirm.csp